AWS_IAM_42

Ensure the password policy requires a minimum length of 7

Description

Verify that a password policy is enabled for the account. PCI-DSS Sections 8.2 and 8.3: verify that PCI-DSS password policy requirements are configured and enforced.

Remediation

Setting a password complexity policy increases account resiliency against brute-force login attempts. Perform the following to set the password policy as prescribed:

1. Log in to the AWS Console (with appropriate permissions to View Identity Access Management Account Settings)

2. Go to IAM Service on the AWS Console 

3. Click on Account Settings on the Left Pane 

4. Set the minimum password length to 7.

5. Click "Apply password policy".

We recommend that a strong password policy be set for IAM users.
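A scripted form of the same check and fix, added here as an example and not taken from this rule's own implementation. It relies on the boto3 IAM client methods `get_account_password_policy` and `update_account_password_policy`; the function names and the sample response are assumptions.

```python
REQUIRED_MIN_LENGTH = 7  # threshold stated by this rule

# Parameters UpdateAccountPasswordPolicy accepts. The Get response also carries
# the read-only ExpirePasswords flag, which must not be sent back.
UPDATABLE_KEYS = (
    "MinimumPasswordLength", "RequireSymbols", "RequireNumbers",
    "RequireUppercaseLetters", "RequireLowercaseLetters",
    "AllowUsersToChangePassword", "MaxPasswordAge",
    "PasswordReusePrevention", "HardExpiry",
)


def fetch_policy(iam):
    """Return the GetAccountPasswordPolicy response, or None if no policy is set."""
    try:
        return iam.get_account_password_policy()
    except iam.exceptions.NoSuchEntityException:
        return None


def evaluate(response):
    """Return (compliant, reason) for this rule."""
    if response is None:
        return False, "no account password policy is set"
    length = response.get("PasswordPolicy", {}).get("MinimumPasswordLength")
    if length is None or length < REQUIRED_MIN_LENGTH:
        return False, f"minimum length is {length}, required {REQUIRED_MIN_LENGTH}"
    return True, f"minimum length is {length}"


def remediation_args(response):
    """Build UpdateAccountPasswordPolicy arguments that fix the length only.

    The update call resets every omitted parameter to its default, so the
    current settings are carried over. A longer existing minimum is kept.
    """
    current = (response or {}).get("PasswordPolicy", {})
    args = {k: current[k] for k in UPDATABLE_KEYS if k in current}
    args["MinimumPasswordLength"] = max(
        current.get("MinimumPasswordLength", 0), REQUIRED_MIN_LENGTH)
    return args


if __name__ == "__main__":
    # Constructed sample shaped like the IAM API response (not real account data).
    weak = {"PasswordPolicy": {"MinimumPasswordLength": 6, "RequireNumbers": True,
                               "ExpirePasswords": False}}
    for sample in (None, weak):
        print(evaluate(sample), remediation_args(sample))
```

Against a live account, create the client with `boto3.client("iam")`, pass it to `fetch_policy`, and apply the result with `iam.update_account_password_policy(**remediation_args(policy))`.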

Service

IAM

Severity

Medium

Compliance

Mapping
